Merge pull request #3074 from nextcloud/docs/noid/issueReportingGuidance

Add reporting issues guidance, first time contributor reply
2024-09-24 19:21:06 +02:00 · 2024-09-24 19:21:06 +02:00 · b3567473ce
--- a/.github/.config.yml
+++ b/.github/.config.yml
@ -0,0 +1,3 @@
+firstPRMergeComment: >
+    Thanks for your first pull request and welcome to the community!
+    Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/ios/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22
--- a/.github/.config.yml.license
+++ b/.github/.config.yml.license
@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+SPDX-License-Identifier: GPL-3.0-or-later
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -0,0 +1,4 @@
+# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: GPL-3.0-or-later
+# You can add one username per supported platform and one custom link
+custom: https://nextcloud.com/include/
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -1,3 +1,9 @@
+---
+name: 🐛 Bug report: Nextcloud iOS Client
+about: Submit a report and help us improve the Nextcloud iOS Client
+labels: bug, 0. Needs triage
+---
+
 ### Steps to reproduce

 1.
@ -26,7 +32,7 @@ If applicable, you can post the iOS app or server logs (removing any sensitive i

 ### Environment data

-**iOS version:** e.g. iOS 14.4.1
+**iOS version:** e.g. iOS 17.6.1

 **Nextcloud iOS app version:** see More > Settings

--- a/.github/ISSUE_TEMPLATE/bug_report.md.license
+++ b/.github/ISSUE_TEMPLATE/bug_report.md.license
@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+SPDX-License-Identifier: GPL-3.0-or-later
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: GPL-3.0-or-later
+contact_links:
+    - name: 🚨 Report a security or privacy issue
+      url: https://hackerone.com/nextcloud
+      about: Report security and privacy related issues privately to the Nextcloud team, so we can coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
+    - name: ❓ Community Support and Help
+      url: https://help.nextcloud.com/
+      about: Configuration, webserver/proxy or performance issues and other questions
+    - name: 💼 Nextcloud Enterprise
+      url: https://portal.nextcloud.com/
+      about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly
--- a/.github/ISSUE_TEMPLATE/config.yml.license
+++ b/.github/ISSUE_TEMPLATE/config.yml.license
@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+SPDX-License-Identifier: GPL-3.0-or-later
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,48 @@
+---
+name: 🚀 Feature request
+about: Suggest an idea for this project
+labels: enhancement, 0. Needs triage
+---
+
+<!--
+Thanks for reporting issues back to Nextcloud!
+
+Note: This is the **issue tracker of Nextcloud**, please do NOT use this to get answers to your questions or get help for fixing your installation. This is a place to report bugs to developers, after your server has been debugged. You can find help debugging your system on our home user forums: https://help.nextcloud.com or, if you use Nextcloud in a large organization, ask our engineers on https://portal.nextcloud.com. See also  https://nextcloud.com/support for support options.
+
+Nextcloud is an open source project backed by Nextcloud GmbH. Most of our volunteers are home users and thus primarily care about issues that affect home users. Our paid engineers prioritize issues of our customers. If you are neither a home user nor a customer, consider paying somebody to fix your issue, do it yourself or become a customer.
+
+Guidelines for submitting issues:
+
+* Please search the existing issues first, it's likely that your issue was already reported or even fixed.
+    - Go to https://github.com/nextcloud and type any word in the top search/command bar. You probably see something like "We couldn’t find any repositories matching ..." then click "Issues" in the left navigation.
+    - You can also filter by appending e. g. "state:open" to the search string.
+    - More info on search syntax within github: https://help.github.com/articles/searching-issues
+    
+* This repository https://github.com/nextcloud/server/issues is *only* for issues within the Nextcloud Server code. This also includes the apps: files, encryption, external storage, sharing, deleted files, versions, LDAP, and WebDAV Auth
+  
+* SECURITY: Report any potential security bug to us via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/) instead of filing an issue in our bug tracker.  
+
+* The issues in other components should be reported in their respective repositories: You will find them in our GitHub Organization (https://github.com/nextcloud/)
+-->
+
+
+<!--- Please keep this note for other contributors -->
+
+### How to use GitHub
+
+* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are interested into the same feature.
+* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
+* Subscribe to receive notifications on status change and new comments. 
+
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md.license
+++ b/.github/ISSUE_TEMPLATE/feature_request.md.license
@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+SPDX-License-Identifier: GPL-3.0-or-later
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,71 @@
+<!--
+ ~ SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ ~ SPDX-License-Identifier: GPL-3.0-or-later
+-->
+# Security Policy
+
+# 💡 TLDR: Report issues at [hackerone.com/nextcloud](https://hackerone.com/nextcloud)
+
+# Security Policy
+
+[Security](https://nextcloud.com/security/) is very important to us.
+
+If you believe you have found a security vulnerability that meets our definition of a security
+vulnerability, please report is as described below.
+
+## Context
+
+Please review our [threat model and accepted risks](https://nextcloud.com/security/threat-model) to learn what
+is currently considered a security vulnerability versus expected behavior. And review what is considered
+[in scope or bounty eligible](https://hackerone.com/nextcloud/policy_scopes).
+
+
+## Reporting a Vulnerability
+
+**⚠️ Please do _not_ report security vulnerabilities through public GitHub issues.**
+
+If you have discovered a security matter with Nextcloud, please read our
+[responsible disclosure guidelines](https://nextcloud.com/security/) and contact us at
+[hackerone.com/nextcloud](https://hackerone.com/nextcloud).
+
+Your report should include:
+
+- Product version
+- A vulnerability description
+- Reproduction steps
+- Any other details you think are likely to be important
+
+### What to Expect
+
+You should receive an initial acknowledgement within 24 hours in most cases.
+
+A member of the security team will confirm the vulnerability, determine its impact, follow-up with any questions,
+and coordinate the fix and publication.
+
+The fix will be applied to all applicable and still supported stable branches, tested, and packaged in the next security release.
+The vulnerability will be publicly announced after the release. Finally, your name will be added
+to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud
+community.
+
+If the vulnerability involves an app that is not maintained by Nextcloud (i.e. hosted by the 
+Nextcloud project but community maintained, or hosted elsewhere), the security team will try to coordinate with the
+current maintainer and help to get the issue fixed in similar fashion.
+
+### Bug Bounties
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Details
+on past bounty ranges can be found at [hackerone.com/nextcloud](https://hackerone.com/nextcloud).
+
+## Existing Security Advisories
+
+Published security advisories for the Nextcloud Server, Clients and Apps can be viewed at
+[https://github.com/nextcloud/security-advisories/security/advisories](https://github.com/nextcloud/security-advisories/security/advisories).
+
+## Supported Versions
+
+Only the latest version is supported. We release every second month a feature release (currently 5.x) and inbetween a bug fix release (5.x.y).
+
+## Additional Information
+
+Please visit [https://nextcloud.com/security/](https://nextcloud.com/security/) for further information about Nextcloud security.
+Please visit [https://nextcloud.com/security/threat-model](https://nextcloud.com/security/threat-model) for our threat model and accepted risks.